[Tickets #14857] Re: Multiple XSS security vulnerabilities
noreply at bugs.horde.org
Wed Sep 26 17:44:21 UTC 2018
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14857
------------------------------------------------------------------------------
Ticket | 14857
Updated By | Michael Rubinsky <mrubinsk at horde.org>
Summary | Multiple XSS security vulnerabilities
Queue | Horde Groupware
Version | 5.2.22
Type | Bug
-State | Resolved
+State | Assigned
Priority | 3. High
Milestone |
Patch |
Owners | Michael Rubinsky
------------------------------------------------------------------------------
Michael Rubinsky <mrubinsk at horde.org> (2018-09-26 17:44) wrote:
>> These are all fixed, and released in
>>
>> horde/base
>> horde/Core
>> horde/Kronolith
>>
>> A release of the groupware bundles will be forthcoming.
>
> Thank you very much for fixing these issues. Would it be possible to
> document which commit fixed a specific CVE? That would allow me and
> others to easily reference the patches.
Ah, right:
CVE-2017-16906:
https://github.com/horde/kronolith/commit/09d90141292f9ec516a7a2007bf828ce2bbdf60d
CVE-2017-16907:
https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230
and
https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230
CVE-2017-16908:
https://github.com/horde/kronolith/commit/39f740068ad21618f6f70b6e37855c61cadbd716
...and now as I'm doing this, I see that the last CVE referenced in
your original report wasn't talked about on that blog page, so I
missed it. Let me review that one to see if it's still pertinent or
not....